CN108055281A - Account method for detecting abnormality, device, server and storage medium - Google Patents

Account method for detecting abnormality, device, server and storage medium Download PDF

Info

Publication number
CN108055281A
CN108055281A CN201711450524.0A CN201711450524A CN108055281A CN 108055281 A CN108055281 A CN 108055281A CN 201711450524 A CN201711450524 A CN 201711450524A CN 108055281 A CN108055281 A CN 108055281A
Authority
CN
China
Prior art keywords
account
stolen
behavior
threshold value
predetermined threshold
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201711450524.0A
Other languages
Chinese (zh)
Other versions
CN108055281B (en
Inventor
何建旺
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Baidu Online Network Technology Beijing Co Ltd
Beijing Baidu Netcom Science and Technology Co Ltd
Original Assignee
Beijing Baidu Netcom Science and Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Baidu Netcom Science and Technology Co Ltd filed Critical Beijing Baidu Netcom Science and Technology Co Ltd
Priority to CN201711450524.0A priority Critical patent/CN108055281B/en
Publication of CN108055281A publication Critical patent/CN108055281A/en
Application granted granted Critical
Publication of CN108055281B publication Critical patent/CN108055281B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The embodiment of the invention discloses a kind of account method for detecting abnormality, device, server and storage medium, wherein this method includes:The behavioral data of all stolen accounts is excavated using association rule algorithm, and abnormal behaviour sequence is determined according to obtained frequent item set is excavated;Obtain the behavior combination of current account on a preset condition based;Abnormality detection result is obtained according to the ratio of behavior combination hit exception behavior sequence.The embodiment of the present invention carries out automatic mining using association rule algorithm to the behavior for being stolen account, obtain abnormal behaviour sequence, account abnormality detection is carried out according to the ratio of account behavior combination hit exception behavior sequence, it solves and manually rule of thumb marks abnormal behaviour, the problem of heavy workload and not high accuracy, without manually rule of thumb marking abnormal behaviour, you can prediction account safety risk reduces human cost and accuracy is high.

Description

Account method for detecting abnormality, device, server and storage medium
Technical field
The present embodiments relate to account abnormality detection technology more particularly to a kind of account method for detecting abnormality, device, clothes Business device and storage medium.
Background technology
With the development of the network information, user can possess many accounts, be related to the side such as social activity, financial management, living management Face.Once account is stolen, economic loss can be made troubles or even caused to user.Therefore, account is carried out abnormality detection and in advance Police is the problem of needing to pay attention to.
At present, by the danger coefficient for a certain behavior for manually rule of thumb removing mark user account, the information based on mark Carry out account unusual checking, heavy workload and accuracy is not high.
The content of the invention
The embodiment of the present invention provides a kind of account method for detecting abnormality, device, server and storage medium, without artificial root Abnormal behaviour is marked according to experience, you can is predicted the security risk of account, is reminded user, effectively inhibits account and be stolen, improve account Safe coefficient, it is high to reduce human cost and accuracy.
In a first aspect, an embodiment of the present invention provides a kind of account method for detecting abnormality, including:
The behavioral data of all stolen accounts is excavated using association rule algorithm, and according to excavate obtain it is frequent Item collection determines abnormal behaviour sequence;
Obtain the behavior combination of current account on a preset condition based;
The ratio that the abnormal behaviour sequence is hit according to the behavior combination obtains abnormality detection result.
Second aspect, the embodiment of the present invention additionally provide a kind of account abnormal detector, including:
Data-mining module, for being excavated using association rule algorithm to the behavioral data of all stolen accounts, and Abnormal behaviour sequence is determined according to obtained frequent item set is excavated;
Behavior acquisition module, for obtaining the behavior combination of current account on a preset condition based;
Abnormality detection module, the ratio for hitting the abnormal behaviour sequence according to the behavior combination obtain abnormal inspection Survey result.
The third aspect, the embodiment of the present invention additionally provide a kind of server, and the server includes:
One or more processors;
Memory, for storing one or more programs;
When one or more of programs are performed by one or more of processors so that one or more of processing Device realizes the account method for detecting abnormality as described in any embodiment of the present invention.
Fourth aspect, the embodiment of the present invention additionally provide a kind of computer readable storage medium, are stored thereon with computer Program realizes the account method for detecting abnormality as described in any embodiment of the present invention when the program is executed by processor.
The technical solution of the embodiment of the present invention carries out automatic mining using association rule algorithm to the behavior for being stolen account, Abnormal behaviour sequence is obtained, obtains the behavior combination of account on a preset condition based, hit exception behavior sequence is combined according to the behavior The ratios of row carries out account abnormality detection, solves and manually rule of thumb marks abnormal behaviour, heavy workload and accuracy is not high The problem of, without manually rule of thumb marking abnormal behaviour, you can predict the security risk of account, remind user, effectively inhibit Account is stolen, and improves the safe coefficient of account, reduces human cost and accuracy is high.
Description of the drawings
Fig. 1 is the flow chart for the account method for detecting abnormality that the embodiment of the present invention one provides;
Fig. 2 is the flow chart of account method for detecting abnormality provided by Embodiment 2 of the present invention;
Fig. 3 is the flow chart for the account method for detecting abnormality that the embodiment of the present invention three provides;
Fig. 4 is the structure diagram for the account abnormal detector that the embodiment of the present invention four provides;
Fig. 5 is the structure diagram for the server that the embodiment of the present invention five provides.
Specific embodiment
The present invention is described in further detail with reference to the accompanying drawings and examples.It is understood that this place is retouched The specific embodiment stated is used only for explaining the present invention rather than limitation of the invention.It also should be noted that in order to just Part related to the present invention rather than entire infrastructure are illustrated only in description, attached drawing.
Embodiment one
Fig. 1 is the flow chart for the account method for detecting abnormality that the embodiment of the present invention one provides, and the present embodiment is applicable to examine Survey whether account the situation of abnormal behaviour occurs, this method can be performed by account abnormal detector, which can be by Software and/or hardware are realized, can generally be integrated in the server.As shown in Figure 1, this method specifically includes:
S110 excavates the behavioral data of all stolen accounts using association rule algorithm, and is obtained according to excavation Frequent item set determine abnormal behaviour sequence.
Wherein, the behavior for being stolen account can reflect that criminal steals the operation carried out after account, for example, modification is close Code, issue sham publicity, issue fraud information etc..Stolen account can be determined by customer complaint, be then based on stolen account The behavioral data at family is excavated, and determines abnormal behaviour sequence, using the foundation as abnormality detection.Artificial mask method can not answer To emerging abnormal behaviour, can only wait until that account is really stolen could mark this new abnormal behaviour later, optionally, this Embodiment can be timed excavation, the time interval of excavation using association rule algorithm to the behavioral data of all stolen accounts It can be configured according to actual demand, to ensure that abnormal behaviour sequence can upgrade in time, to tackle new different of criminal Chang Hangwei for example, being arranged to one day, i.e., will be excavated once daily.
Frequent item set refers to the combination often occurred, and the frequent item set in the present embodiment includes at least one behavior, for example, { I1, I2 } is frequent 2 item collection, and I1 and I2 represent different behaviors respectively.Association rule algorithm is used for the item of mining data Association between mesh collection, is mainly used in the analysis of customer's transaction data, and core is passing based on two benches Frequent Set thought Predication method, including:It finds out all frequent item sets and meets the Strong association rule of min confidence by frequent item set generation.This Frequent item set is excavated using association rule algorithm in embodiment, to determine abnormal behaviour sequence.
S120 obtains the behavior combination of current account on a preset condition based.
Wherein, current account is account to be detected, obtains the behavior combination of current account, is carried out with abnormal behaviour sequence It compares, to determine that current account whether there is exception and intensity of anomaly.Preset condition is set according to the behavioral characteristic of stolen account The condition for the acquisition behavior combination put, for example, behavioral characteristic of the stolen account before determining to be stolen is to continuously perform login, repair Change password, submit the sequence of operations such as sham publicity, then preset condition could be provided as acquisition account and publish this from logging on to Performed sequence of operations in the process.For another example, criminal has known above-mentioned preset condition, it is contemplated that countermeasure repeatedly logs in, It logs in every time and only carries out an operation, then preset condition can be changed in acquisition account continuous several times login process (such as 3 It is secondary) performed by behavior combination, to tackle new abnormal behaviour in time.It should be noted that preset condition can be changed at any time, To tackle new abnormal behaviour, the accuracy of abnormality detection is improved.
S130, the ratio that the abnormal behaviour sequence is hit according to the behavior combination obtain abnormality detection result.
Wherein, different intensity of anomaly can be determined according to different hit ratios and pre-set threshold value, and performed Corresponding abnormality processing operation, for example, all behaviors in behavior combination belong to abnormal behaviour sequence, i.e. all hits can It is abnormal with definite account, corresponding abnormality processing operation is performed, for example, compulsory withdrawal account, in case user loses.Abnormal behaviour Can include multiple frequent item sets in sequence, at this time can by each frequent item set in behavior combination and abnormal behaviour sequence into Row comparison, determines corresponding hit ratio, and final hit ratio, example are determined from multiple hit ratios according to preset strategy Such as, using highest hit ratio as final hit ratio, then according to the final hit ratio-dependent account abnormality detection knot Fruit.
The technical solution of the present embodiment carries out automatic mining to the behavior for being stolen account using association rule algorithm, obtains Abnormal behaviour sequence, obtains the behavior combination of account on a preset condition based, and hit exception behavior sequence is combined according to the behavior Ratio carries out account abnormality detection, solves and manually rule of thumb marks abnormal behaviour, heavy workload and accuracy is not high asks Topic, without manually rule of thumb marking abnormal behaviour, you can predict the security risk of account, remind user, effectively inhibit account It is stolen, the safe coefficient of account is improved, human cost is reduced and accuracy is high.In addition, timing update abnormal behavior sequence, energy It is enough to find in time and tackle new abnormal behaviour.
Embodiment two
Fig. 2 is the flow chart of account method for detecting abnormality provided by Embodiment 2 of the present invention, and the present embodiment is in above-mentioned implementation On the basis of example, provide " behavioral data of all stolen accounts is excavated using association rule algorithm, and according to excavation Obtained frequent item set determines abnormal behaviour sequence " embodiment, as shown in Fig. 2, this method specifically includes:
S210 gathers behavior number of all stolen accounts before determining to be stolen in preset time according to prefixed time interval According to.
Wherein, prefixed time interval can be set according to actual demand, for example, being arranged to one day, both ensure to handle load It is not excessive, also ensure that abnormal behaviour sequence can upgrade in time, to tackle the new abnormal behaviour of criminal.Account is stolen it Afterwards, criminal can be cheated using the account, for example, issuing sham publicity etc. after Modify password, therefore, preset time can Be to determine account be stolen (i.e. customer complaint account is stolen) before a period of time, for example, the previous day of customer complaint, accordingly , acquisition is stolen behavioral data of the account in customer complaint the previous day, this partial data can fully reflect criminal robber Take the operation carried out after account.Specifically, all stolen accounts are determined according to customer complaint, then for each stolen account Family, the acquisition account determine the behavioral data of stolen the previous day, the basis as data mining.
S220 is excavated from the behavioral data according to default minimum support and is obtained multiple frequent item sets.
In the present embodiment, support refers to the number that behavior or behavior combination occur in stolen account.Minimum support It can neither set too low, easily cause erroneous judgement, make troubles to user;It can not set too high, the missing inspection of abnormal account can be caused. Minimum support initially could be provided as empirical value, subsequently can according to the accuracy rate of actual abnormality detection to minimum support into Row adjustment, to reach expected detection result.Specifically, being sampled to the actual result of account abnormality detection, it is accurate to calculate detection True rate, if rate of accuracy reached is continuing with the minimum support to expection;If accuracy rate changes minimum less than expection Support, to be subsequently preferably detected.
Optionally, excavated using association rule algorithm from the behavioral data and obtain multiple frequent item sets and include:To institute It states behavioral data and carries out successively iteration, obtain the frequent N item collections for meeting the minimum support, wherein N represents frequent item set institute Including behavior item number (referred to as item number), N values are positive integer.
Wherein, successively iteration refers to obtain frequent k+1 item collections based on frequent k item collections.Meet minimum support and refer to item collection The number occurred in behavioral data is not less than minimum support.When generating frequent item set, it then follows following theorem:An if item Collection is frequent item set, then its nonvoid subset must be frequent item set.
The condition for stopping iteration being set in the present embodiment, which can be the branch of all frequent item sets of current layer Degree of holding is preset value, for example, the support of frequent 5 item collection of three obtained is equal to minimum support, then stops iteration;It should Condition, which can also be, reaches default frequent item set number, for example, obtaining 20 frequent item sets, then stops iteration.
S230 chooses the frequent item set for meeting default item number as the abnormal behaviour sequence from the multiple frequent item set Row.
Wherein, default item number can be configured according to actual demand, can be a specific number or one Section, illustratively, it is 20~25 to preset item number, then in obtained all frequent item sets, chooses the frequency that item number is 20~25 Numerous item collection, as abnormal behaviour sequence.In addition, default item number can also be embodied by ratio, for example, choosing maxitem The section that 80% to 85% corresponding integer part determines is as default item number.
S240 obtains the behavior combination of current account on a preset condition based.
S250, the ratio that the abnormal behaviour sequence is hit according to the behavior combination obtain abnormality detection result.
The technical solution of the present embodiment gathers behavior number of all stolen accounts before determining to be stolen in preset time According to as the basis of data mining, can fully reflecting that criminal steals the operation carried out after account, ensures to obtain based on this The abnormal behaviour sequence arrived is more accurate, and then improves the accuracy of account detection.Using association rule algorithm to being stolen account Behavior carry out automatic mining, without manually rule of thumb marking abnormal behaviour, reduce human cost.In addition, timing updates Abnormal behaviour sequence can find and tackle new abnormal behaviour in time.
Below to determining the mistake of abnormal behaviour sequence according to the behavioral data of all stolen accounts by taking Apriori algorithm as an example Journey illustrates.Default minimum support is 2, determines all stolen accounts according to customer complaint, gathers each stolen account respectively Behavior of the family in stolen the previous day, as shown in table 1.
Table 1 is stolen account and its behavior table
Stolen account Behavior
User A I1、I2、I5
User B I2、I4
User C I2、I3
User D I1、I2、I4
User E I1、I3
User F I2、I3
User G I1、I3
User H I1、I2、I3、I5
User J I1、I2、I3
The behavioral data of all stolen accounts is scanned, the occurrence number of each behavior is counted, behavior I1 goes out occurrence Number is 6 times, and behavior I2 occurrence numbers are 7 times, and behavior I3 occurrence numbers are 6 times, and behavior I4 occurrence numbers are 2 times, and behavior I5 goes out Occurrence number is 2 times.Frequent 1 item collection for meeting minimum support (i.e. occurrence number is not less than 2) is found out from above-mentioned behavior, is obtained Frequent 1 item collection it is as shown in table 2.
2 frequent 1 item collection of table illustrates table
Behavior item collection Support counting
{I1} 6
{I2} 7
{I3} 6
{I4} 2
{I5} 2
Based on frequent 1 item collection, candidate and its occurrence number that item number is 2 (i.e. comprising two behaviors) are determined:I1, I2 } occurrence number be 4, { I1, I3 } occurrence number be 4, { I1, I4 } occurrence number be 1, { I1, I5 } occurrence number be 2, I2, I3 } occurrence number be 4, { I2, I4 } occurrence number be 2, { I2, I5 } occurrence number be 2, { I3, I4 } occurrence number be 0, I3, I5 } occurrence number be 1, { I4, I5 } occurrence number be 0.It is found out from above-mentioned candidate and meets minimum support and (go out occurrence For number not less than frequent 2 item collection 2), obtained frequent 2 item collection is as shown in table 3.
3 frequent 2 item collection of table illustrates table
Behavior item collection Support counting
{ I1, I2 } 4
{ I1, I3 } 4
{ I1, I5 } 2
{ I2, I3 } 4
{ I2, I4 } 2
{ I2, I5 } 2
Based on frequent 2 item collection, candidate and its occurrence number that item number is 3 (i.e. comprising three behaviors) are determined:I1, I2, I3 } occurrence number be 2, { I1, I2, I5 } occurrence number be 2.It is found out from above-mentioned candidate and meets minimum support (i.e. For occurrence number not less than frequent 3 item collection 2), obtained frequent 3 item collection is as shown in table 4.It should be noted that due to frequent episode The nonvoid subset of collection must be frequent item set, and { I1, the I2 } and { I2, I4 } in frequent 2 item collection generates item collection { I1, I2, I4 }, by In its nonvoid subset { I1, I4 } not in frequent 2 item collection, so { I1, I2, I4 } does not meet theorem, it is impossible to as item number be 3 Candidate.
4 frequent 3 item collection of table illustrates table
Behavior item collection Support counting
{ I1, I2, I3 } 2
{ I1, I2, I5 } 2
The support of frequent 3 item collection of above-mentioned two is equal to minimum support, stops iteration, finally obtains all frequent episodes Integrate as shown in table 1-3.The frequent item set that selection item number is 3 is as abnormal behaviour sequence, i.e. { I1, I2, I3 } and { I1, I2, I5 }.
The behavior combination for obtaining account to be detected is I1 and I2, and the ratio of hit { I1, I2, I3 } is 2/3, hit I1, I2, I5 } ratio be also 2/3, according to predetermined threshold value, the corresponding operation of the ratio is that user is prompted to carry out presupposed information to test Card, after being verified, then user can be with normal operating, if verification is not by that can prompt user to perform prevention account and be stolen Operation, for example, Modify password etc..
Embodiment three
Fig. 3 is the flow chart for the account method for detecting abnormality that the embodiment of the present invention three provides, and the present embodiment is in above-mentioned each reality It on the basis of applying example, provides and " abnormality detection knot is obtained according to the ratio of the behavior combination hit abnormal behaviour sequence The embodiment of fruit ".As shown in figure 3, this method specifically includes:
S310 excavates the behavioral data of all stolen accounts using association rule algorithm, and is obtained according to excavation Frequent item set determine abnormal behaviour sequence.
S320 obtains the behavior combination of current account on a preset condition based.
S330 calculates the ratio of behavior combination hit exception behavior sequence.
Wherein, abnormal behaviour sequence includes at least one frequent item set, will be in behavior combination and abnormal behaviour sequence Each frequent item set is compared, and determines corresponding hit ratio, is determined finally from multiple hit ratios according to preset strategy Hit ratio, then according to this it is final hit ratio-dependent account abnormality detection result.
S340, if ratio reaches the first predetermined threshold value, it is determined that current account is abnormal, exits current account.
S350, if ratio reaches the second predetermined threshold value and less than the first predetermined threshold value, it is determined that the doubtful exception of current account, Prompting user performs the operation that prevention account is stolen.
Wherein, preventing the operation that account is stolen can be:Modify password opens secondary verification etc..
S360 if ratio reaches third predetermined threshold value and less than the second predetermined threshold value, prompts user to carry out presupposed information Verification.
Wherein, presupposed information can be close guarantor's problem that user is set in login account.Presupposed information is verified, table Show that account is not stolen, user can continue to operate.Illustratively, the first predetermined threshold value is 95%, and the second predetermined threshold value is 80%, third predetermined threshold value 50%.
Optionally, the above method can also include:Acquisition has detected the stolen result of account;According to the stolen result tune Whole first predetermined threshold value, the second predetermined threshold value and third predetermined threshold value.Wherein, the stolen result for having detected account can be by being It is no to have customer complaint to determine, according to the comparison of stolen result and abnormality detection result, determine the accuracy rate of abnormality detection, if Accuracy rate is not reaching to expection, then can reduce above-mentioned first predetermined threshold value, the second predetermined threshold value and third predetermined threshold value.
The technical solution of the present embodiment according to the ratio of behavior combination hit exception behavior sequence, determines abnormality detection knot Fruit, and corresponding abnormality processing operation is performed, the generation of abnormality detection erroneous judgement can be reduced, even if judging by accident, can also be reduced Judge the influence to user by accident.Also, the stolen result according to account has been detected adjusts the first predetermined threshold value, the second default threshold in time Value and third predetermined threshold value can further improve the accuracy rate of abnormality detection.
Example IV
Fig. 4 is the structure diagram for the account abnormal detector that the embodiment of the present invention four provides, as shown in figure 4, the dress Put including:Data-mining module 410, behavior acquisition module 420 and abnormality detection module 430.
Data-mining module 410, for being excavated using association rule algorithm to the behavioral data of all stolen accounts, And determine abnormal behaviour sequence according to obtained frequent item set is excavated;
Behavior acquisition module 420, for obtaining the behavior combination of current account on a preset condition based;
Abnormality detection module 430, the ratio for hitting the abnormal behaviour sequence according to the behavior combination obtain different Normal testing result.
Optionally, above-mentioned data-mining module 410 includes:
Data acquisition unit, it is pre- before determining to be stolen for gathering all stolen accounts according to prefixed time interval If the behavioral data in the time;
Data mining unit, for excavated according to default minimum support from the behavioral data obtain it is multiple frequently Item collection;
Sequence determination unit, for choosing the frequent item set for meeting default item number from the multiple frequent item set as institute State abnormal behaviour sequence.
Further, above-mentioned data mining unit is specifically used for:Successively iteration is carried out to the behavioral data, is met The frequent N item collections of the minimum support, wherein N represent the behavior item number included by frequent item set, and N values are positive integer.
Optionally, above-mentioned abnormality detection module 430 includes:
Ratio computing unit, for calculating the ratio that the behavior combination hits the abnormal behaviour sequence;
Abnormality detecting unit, if reaching the first predetermined threshold value for the ratio, it is determined that the current account is abnormal, moves back Go out the current account;If the ratio reaches the second predetermined threshold value and less than first predetermined threshold value, it is determined that described to work as The preceding doubtful exception of account prompts user to perform the operation that prevention account is stolen;And if the ratio reaches third predetermined threshold value And less than second predetermined threshold value, then user is prompted to carry out the verification of presupposed information.
Optionally, above device further includes:
Results acquisition module, for gathering the stolen result for having detected account;
Threshold adjustment module, for adjusting the first predetermined threshold value, the second predetermined threshold value and the 3rd according to the stolen result Predetermined threshold value.
The account abnormal detector that the embodiment of the present invention is provided can perform the account that any embodiment of the present invention is provided Family method for detecting abnormality possesses the corresponding function module of execution method and advantageous effect.Not detailed description in the present embodiment Technical detail, reference can be made to the account method for detecting abnormality that any embodiment of the present invention provides.
Embodiment five
Fig. 5 is the structure diagram for the server that the embodiment of the present invention five provides.Fig. 5 shows to be used for realizing this hair The block diagram of the exemplary servers 12 of bright embodiment.The server 12 that Fig. 5 is shown is only an example, should not be to the present invention The function and use scope of embodiment bring any restrictions.
As shown in figure 5, server 12 is showed in the form of universal computing device.The component of server 12 can be included but not It is limited to:One or more processor or processing unit 16, system storage 28, connection different system component is (including system Memory 28 and processing unit 16) bus 18.
Bus 18 represents the one or more in a few class bus structures, including memory bus or Memory Controller, Peripheral bus, graphics acceleration port, processor or the local bus using the arbitrary bus structures in a variety of bus structures.It lifts For example, these architectures include but not limited to industry standard architecture (ISA) bus, microchannel architecture (MAC) Bus, enhanced isa bus, Video Electronics Standards Association (VESA) local bus and peripheral component interconnection (PCI) bus.
Server 12 typically comprises various computing systems readable medium.These media can any can be serviced The usable medium that device 12 accesses, including volatile and non-volatile medium, moveable and immovable medium.
System storage 28 can include the computer system readable media of form of volatile memory, such as arbitrary access Memory (RAM) 30 and/or cache memory 32.Server 12 may further include other removable/nonremovable , volatile/non-volatile computer system storage medium.Only as an example, it is not removable to can be used for read-write for storage system 34 Dynamic, non-volatile magnetic media (Fig. 5 do not show, commonly referred to as " hard disk drive ").Although it not shown in Fig. 5, can provide For to moving the disc driver of non-volatile magnetic disk (such as " floppy disk ") read-write and to moving anonvolatile optical disk The CD drive of (such as CD-ROM, DVD-ROM or other optical mediums) read-write.In these cases, each driver can To be connected by one or more data media interfaces with bus 18.System storage 28 can include at least one program and produce Product, the program product have one group of (for example, at least one) program module, these program modules are configured to perform of the invention each The function of embodiment.
Program/utility 40 with one group of (at least one) program module 42 can be stored in such as system storage In device 28, such program module 42 includes but not limited to operating system, one or more application program, other program modules And program data, the realization of network environment may be included in each or certain combination in these examples.Program module 42 Usually perform the function and/or method in embodiment described in the invention.
Server 12 can also be logical with one or more external equipments 14 (such as keyboard, sensing equipment, display 24 etc.) Letter can also enable a user to the equipment interacted with the server 12 communication and/or with causing the server with one or more 12 any equipment (such as network interface card, the modem etc.) communications that can be communicated with one or more of the other computing device. This communication can be carried out by input/output (I/O) interface 22.Also, server 12 can also pass through network adapter 20 With one or more network (such as LAN (LAN), wide area network (WAN) and/or public network, such as internet) communication. As shown in figure 5, network adapter 20 is communicated by bus 18 with other modules of server 12.It should be understood that although in figure not It shows, server 12 can be combined and use other hardware and/or software module, included but not limited to:Microcode, device drives Device, redundant processing unit, external disk drive array, RAID system, tape drive and data backup storage system etc..
Processing unit 16 is stored in program in system storage 28 by operation, so as to perform various functions application and Data processing, such as realize the account method for detecting abnormality that the embodiment of the present invention is provided.
Embodiment six
The embodiment of the present invention six additionally provides a kind of computer readable storage medium, is stored thereon with computer program, should The account method for detecting abnormality as described in any embodiment of the present invention is realized when program is executed by processor.
The arbitrary of one or more computer-readable media may be employed in the computer storage media of the embodiment of the present invention Combination.Computer-readable medium can be computer-readable signal media or computer readable storage medium.It is computer-readable Storage medium for example may be-but not limited to-the system of electricity, magnetic, optical, electromagnetic, infrared ray or semiconductor, device or Device or arbitrary above combination.The more specific example (non exhaustive list) of computer readable storage medium includes:Tool There are one or the electrical connections of multiple conducting wires, portable computer diskette, hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read only memory (EPROM or flash memory), optical fiber, portable compact disc read-only memory (CD- ROM), light storage device, magnetic memory device or above-mentioned any appropriate combination.In this document, computer-readable storage Medium can be any tangible medium for including or storing program, which can be commanded execution system, device or device Using or it is in connection.
Computer-readable signal media can include in a base band or as carrier wave a part propagation data-signal, Wherein carry computer-readable program code.Diversified forms may be employed in the data-signal of this propagation, including but it is unlimited In electromagnetic signal, optical signal or above-mentioned any appropriate combination.Computer-readable signal media can also be that computer can Any computer-readable medium beyond storage medium is read, which can send, propagates or transmit and be used for By instruction execution system, device either device use or program in connection.
The program code included on computer-readable medium can be transmitted with any appropriate medium, including --- but it is unlimited In wireless, electric wire, optical cable, RF etc. or above-mentioned any appropriate combination.
It can write to perform the computer that operates of the present invention with one or more programming languages or its combination Program code, described program design language include object oriented program language-such as Java, Smalltalk, C++, Further include conventional procedural programming language-such as " C " language or similar programming language.Program code can be with It fully performs, partly perform on the user computer on the user computer, the software package independent as one performs, portion Divide and partly perform or perform on a remote computer or server completely on the remote computer on the user computer. Be related in the situation of remote computer, remote computer can pass through the network of any kind --- including LAN (LAN) or Wide area network (WAN)-be connected to subscriber computer or, it may be connected to outer computer (such as is carried using Internet service Pass through Internet connection for business).
Note that it above are only presently preferred embodiments of the present invention and institute's application technology principle.It will be appreciated by those skilled in the art that The invention is not restricted to specific embodiment described here, can carry out for a person skilled in the art various apparent variations, It readjusts and substitutes without departing from protection scope of the present invention.Therefore, although being carried out by above example to the present invention It is described in further detail, but the present invention is not limited only to above example, without departing from the inventive concept, also It can include other more equivalent embodiments, and the scope of the present invention is determined by scope of the appended claims.

Claims (12)

1. a kind of account method for detecting abnormality, which is characterized in that including:
The behavioral data of all stolen accounts is excavated using association rule algorithm, and the frequent item set obtained according to excavation Determine abnormal behaviour sequence;
Obtain the behavior combination of current account on a preset condition based;
The ratio that the abnormal behaviour sequence is hit according to the behavior combination obtains abnormality detection result.
2. according to the method described in claim 1, it is characterized in that, utilize behavior of the association rule algorithm to all stolen accounts Data are excavated, and determine abnormal behaviour sequence according to obtained frequent item set is excavated, including:
Behavioral data of all stolen accounts before determining to be stolen in preset time is gathered according to prefixed time interval;
It is excavated according to default minimum support from the behavioral data and obtains multiple frequent item sets;
The frequent item set for meeting default item number is chosen from the multiple frequent item set as the abnormal behaviour sequence.
3. according to the method described in claim 2, it is characterized in that, according to default minimum support from the behavioral data Excavation obtains multiple frequent item sets, including:
Successively iteration is carried out to the behavioral data, obtains the frequent N item collections for meeting the minimum support, wherein N represents frequency Behavior item number included by numerous item collection, N values are positive integer.
4. according to the method described in claim 1, it is characterized in that, the abnormal behaviour sequence is hit according to the behavior combination Ratio obtain abnormality detection result, including:
Calculate the ratio that the behavior combination hits the abnormal behaviour sequence;
If the ratio reaches the first predetermined threshold value, it is determined that the current account is abnormal, exits the current account;
If the ratio reaches the second predetermined threshold value and less than first predetermined threshold value, it is determined that the current account is doubtful different Often, user is prompted to perform the operation that prevention account is stolen;
If the ratio reaches third predetermined threshold value and less than second predetermined threshold value, user is prompted to carry out presupposed information Verification.
5. according to any method in Claims 1-4, which is characterized in that according to behavior combination hit After the ratio of abnormal behaviour sequence obtains abnormality detection result, further include:
Acquisition has detected the stolen result of account;
First predetermined threshold value, the second predetermined threshold value and third predetermined threshold value are adjusted according to the stolen result.
6. a kind of account abnormal detector, which is characterized in that including:
Data-mining module, for being excavated using association rule algorithm to the behavioral data of all stolen accounts, and according to It excavates obtained frequent item set and determines abnormal behaviour sequence;
Behavior acquisition module, for obtaining the behavior combination of current account on a preset condition based;
Abnormality detection module, the ratio for hitting the abnormal behaviour sequence according to the behavior combination obtain abnormality detection knot Fruit.
7. device according to claim 6, which is characterized in that the data-mining module includes:
Data acquisition unit, when being preset for gathering all stolen accounts according to prefixed time interval before determining to be stolen Interior behavioral data;
Data mining unit obtains multiple frequent episodes for being excavated according to default minimum support from the behavioral data Collection;
Sequence determination unit, for choosing the frequent item set for meeting default item number from the multiple frequent item set as described different Normal behavior sequence.
8. device according to claim 7, which is characterized in that the data mining unit is specifically used for:
Successively iteration is carried out to the behavioral data, obtains the frequent N item collections for meeting the minimum support, wherein N represents frequency Behavior item number included by numerous item collection, N values are positive integer.
9. device according to claim 6, which is characterized in that the abnormality detection module includes:
Ratio computing unit, for calculating the ratio that the behavior combination hits the abnormal behaviour sequence;
Abnormality detecting unit, if reaching the first predetermined threshold value for the ratio, it is determined that the current account is abnormal, exits institute State current account;If the ratio reaches the second predetermined threshold value and less than first predetermined threshold value, it is determined that the current account The doubtful exception in family prompts user to perform the operation that prevention account is stolen;And if the ratio reaches third predetermined threshold value and small In second predetermined threshold value, then user is prompted to carry out the verification of presupposed information.
10. according to any device in claim 6 to 9, which is characterized in that described device further includes:
Results acquisition module, for gathering the stolen result for having detected account;
Threshold adjustment module, it is default for adjusting the first predetermined threshold value, the second predetermined threshold value and the 3rd according to the stolen result Threshold value.
11. a kind of server, which is characterized in that the server includes:
One or more processors;
Memory, for storing one or more programs;
When one or more of programs are performed by one or more of processors so that one or more of processors are real The now account method for detecting abnormality as described in any in claim 1 to 5.
12. a kind of computer readable storage medium, is stored thereon with computer program, which is characterized in that the program is by processor The account method for detecting abnormality as described in any in claim 1 to 5 is realized during execution.
CN201711450524.0A 2017-12-27 2017-12-27 Account abnormity detection method, device, server and storage medium Active CN108055281B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711450524.0A CN108055281B (en) 2017-12-27 2017-12-27 Account abnormity detection method, device, server and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711450524.0A CN108055281B (en) 2017-12-27 2017-12-27 Account abnormity detection method, device, server and storage medium

Publications (2)

Publication Number Publication Date
CN108055281A true CN108055281A (en) 2018-05-18
CN108055281B CN108055281B (en) 2021-05-18

Family

ID=62127911

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711450524.0A Active CN108055281B (en) 2017-12-27 2017-12-27 Account abnormity detection method, device, server and storage medium

Country Status (1)

Country Link
CN (1) CN108055281B (en)

Cited By (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108984721A (en) * 2018-07-10 2018-12-11 阿里巴巴集团控股有限公司 The recognition methods of rubbish account and device
CN109120634A (en) * 2018-09-05 2019-01-01 广州视源电子科技股份有限公司 A kind of method, apparatus, computer equipment and the storage medium of port scan detection
CN109408556A (en) * 2018-09-28 2019-03-01 中国平安人寿保险股份有限公司 Abnormal user recognition methods and device, electronic equipment, medium based on big data
CN109658109A (en) * 2018-10-29 2019-04-19 平安医疗健康管理股份有限公司 Detection method, device, terminal and the storage medium that medical insurance is swiped the card extremely
CN109714636A (en) * 2018-12-21 2019-05-03 武汉瓯越网视有限公司 A kind of user identification method, device, equipment and medium
CN109818942A (en) * 2019-01-07 2019-05-28 微梦创科网络科技(中国)有限公司 A kind of user account number method for detecting abnormality and device based on temporal aspect
CN109815042A (en) * 2019-01-21 2019-05-28 南方科技大学 Localization method, device, server and the storage medium of abnormal factors
CN109857779A (en) * 2019-01-10 2019-06-07 北京三快在线科技有限公司 The method and apparatus for searching fraud account, storage medium and electronic equipment
CN109862004A (en) * 2019-01-28 2019-06-07 杭州数梦工场科技有限公司 A kind of account usage behavior detection method and device
CN110209551A (en) * 2019-05-24 2019-09-06 北京奇艺世纪科技有限公司 A kind of recognition methods of warping apparatus, device, electronic equipment and storage medium
CN110222243A (en) * 2019-05-27 2019-09-10 北京小米移动软件有限公司 Determine the method, apparatus and storage medium of abnormal behaviour
CN110399543A (en) * 2019-05-23 2019-11-01 北京鑫宇创世科技有限公司 A kind of advertising accounts method for early warning
CN110532760A (en) * 2019-08-12 2019-12-03 广州海颐信息安全技术有限公司 Compatible structure and unstructured privilege threaten the method and device of behavioral data
CN110543762A (en) * 2019-08-12 2019-12-06 广州海颐信息安全技术有限公司 Privileged account threat analysis system
CN110675228A (en) * 2019-09-27 2020-01-10 支付宝(杭州)信息技术有限公司 User ticket buying behavior detection method and device
CN110704773A (en) * 2018-06-25 2020-01-17 顺丰科技有限公司 Abnormal behavior detection method and system based on frequent behavior sequence mode
CN110728583A (en) * 2019-10-11 2020-01-24 支付宝(杭州)信息技术有限公司 Method and system for identifying cheating claim behaviors
CN110750238A (en) * 2019-09-20 2020-02-04 阿里巴巴集团控股有限公司 Method and device for determining product requirements and electronic equipment
CN111031017A (en) * 2019-11-29 2020-04-17 腾讯科技(深圳)有限公司 Abnormal business account identification method, device, server and storage medium
CN111459797A (en) * 2020-02-27 2020-07-28 上海交通大学 Method, system and medium for detecting abnormity of developer behaviors in open source community
CN111698247A (en) * 2020-06-11 2020-09-22 腾讯科技(深圳)有限公司 Abnormal account detection method, device, equipment and storage medium
CN112583768A (en) * 2019-09-30 2021-03-30 北京国双科技有限公司 User abnormal behavior detection method and device
WO2021056731A1 (en) * 2019-09-23 2021-04-01 平安科技(深圳)有限公司 Log data analysis-based behavior detection method, apparatus, device, and medium
CN112667706A (en) * 2020-12-23 2021-04-16 微梦创科网络科技(中国)有限公司 Method and device for identifying stolen account
CN112860741A (en) * 2021-01-18 2021-05-28 平安科技(深圳)有限公司 Data sampling detection method, device, equipment and storage medium
CN113098912A (en) * 2021-06-09 2021-07-09 北京达佳互联信息技术有限公司 User account abnormity identification method and device, electronic equipment and storage medium
CN113835919A (en) * 2021-09-26 2021-12-24 中国联合网络通信集团有限公司 Data processing method, server and storage medium
CN113868010A (en) * 2021-12-01 2021-12-31 杭银消费金融股份有限公司 Abnormal data processing method and system applied to business system
CN114418008A (en) * 2022-01-21 2022-04-29 平安国际智慧城市科技股份有限公司 Medical treatment behavior identification method and device, terminal equipment and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105471819A (en) * 2014-08-19 2016-04-06 腾讯科技(深圳)有限公司 Account abnormity detection method and account abnormity detection device
CN105681312A (en) * 2016-01-28 2016-06-15 李青山 Mobile internet exceptional user detection method based on frequent itemset mining
CN105843947A (en) * 2016-04-08 2016-08-10 华南师范大学 Abnormal behavior detection method and system based on big-data association rule mining
CN106156026A (en) * 2015-03-24 2016-11-23 中国人民解放军国防科学技术大学 A kind of method based on the data online anomaly of stream fictitious assets
US20170063885A1 (en) * 2015-09-01 2017-03-02 Paypal, Inc. Predicting Account Takeover Tsunami Using Dump Quakes
CN106850632A (en) * 2017-02-10 2017-06-13 北京奇艺世纪科技有限公司 The detection method and device of a kind of unusual combination data

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105471819A (en) * 2014-08-19 2016-04-06 腾讯科技(深圳)有限公司 Account abnormity detection method and account abnormity detection device
CN106156026A (en) * 2015-03-24 2016-11-23 中国人民解放军国防科学技术大学 A kind of method based on the data online anomaly of stream fictitious assets
US20170063885A1 (en) * 2015-09-01 2017-03-02 Paypal, Inc. Predicting Account Takeover Tsunami Using Dump Quakes
CN105681312A (en) * 2016-01-28 2016-06-15 李青山 Mobile internet exceptional user detection method based on frequent itemset mining
CN105843947A (en) * 2016-04-08 2016-08-10 华南师范大学 Abnormal behavior detection method and system based on big-data association rule mining
CN106850632A (en) * 2017-02-10 2017-06-13 北京奇艺世纪科技有限公司 The detection method and device of a kind of unusual combination data

Cited By (42)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110704773A (en) * 2018-06-25 2020-01-17 顺丰科技有限公司 Abnormal behavior detection method and system based on frequent behavior sequence mode
CN108984721A (en) * 2018-07-10 2018-12-11 阿里巴巴集团控股有限公司 The recognition methods of rubbish account and device
CN109120634A (en) * 2018-09-05 2019-01-01 广州视源电子科技股份有限公司 A kind of method, apparatus, computer equipment and the storage medium of port scan detection
CN109120634B (en) * 2018-09-05 2021-02-05 广州视源电子科技股份有限公司 Port scanning detection method and device, computer equipment and storage medium
CN109408556A (en) * 2018-09-28 2019-03-01 中国平安人寿保险股份有限公司 Abnormal user recognition methods and device, electronic equipment, medium based on big data
CN109408556B (en) * 2018-09-28 2024-02-02 中国平安人寿保险股份有限公司 Abnormal user identification method and device based on big data, electronic equipment and medium
CN109658109A (en) * 2018-10-29 2019-04-19 平安医疗健康管理股份有限公司 Detection method, device, terminal and the storage medium that medical insurance is swiped the card extremely
CN109714636A (en) * 2018-12-21 2019-05-03 武汉瓯越网视有限公司 A kind of user identification method, device, equipment and medium
CN109714636B (en) * 2018-12-21 2021-04-23 武汉瓯越网视有限公司 User identification method, device, equipment and medium
CN109818942A (en) * 2019-01-07 2019-05-28 微梦创科网络科技(中国)有限公司 A kind of user account number method for detecting abnormality and device based on temporal aspect
CN109857779A (en) * 2019-01-10 2019-06-07 北京三快在线科技有限公司 The method and apparatus for searching fraud account, storage medium and electronic equipment
CN109857779B (en) * 2019-01-10 2020-07-31 北京三快在线科技有限公司 Method and device for searching fraud account, storage medium and electronic equipment
CN109815042A (en) * 2019-01-21 2019-05-28 南方科技大学 Localization method, device, server and the storage medium of abnormal factors
CN109815042B (en) * 2019-01-21 2022-05-27 南方科技大学 Abnormal factor positioning method, abnormal factor positioning device, server and storage medium
CN109862004A (en) * 2019-01-28 2019-06-07 杭州数梦工场科技有限公司 A kind of account usage behavior detection method and device
CN109862004B (en) * 2019-01-28 2021-08-24 杭州数梦工场科技有限公司 Account use behavior detection method and device
CN110399543A (en) * 2019-05-23 2019-11-01 北京鑫宇创世科技有限公司 A kind of advertising accounts method for early warning
CN110209551A (en) * 2019-05-24 2019-09-06 北京奇艺世纪科技有限公司 A kind of recognition methods of warping apparatus, device, electronic equipment and storage medium
CN110209551B (en) * 2019-05-24 2023-12-08 北京奇艺世纪科技有限公司 Abnormal equipment identification method and device, electronic equipment and storage medium
CN110222243A (en) * 2019-05-27 2019-09-10 北京小米移动软件有限公司 Determine the method, apparatus and storage medium of abnormal behaviour
CN110222243B (en) * 2019-05-27 2021-08-31 北京小米移动软件有限公司 Method, device and storage medium for determining abnormal behavior
CN110532760A (en) * 2019-08-12 2019-12-03 广州海颐信息安全技术有限公司 Compatible structure and unstructured privilege threaten the method and device of behavioral data
CN110543762A (en) * 2019-08-12 2019-12-06 广州海颐信息安全技术有限公司 Privileged account threat analysis system
CN110750238B (en) * 2019-09-20 2023-10-03 创新先进技术有限公司 Method and device for determining product demand and electronic equipment
CN110750238A (en) * 2019-09-20 2020-02-04 阿里巴巴集团控股有限公司 Method and device for determining product requirements and electronic equipment
WO2021056731A1 (en) * 2019-09-23 2021-04-01 平安科技(深圳)有限公司 Log data analysis-based behavior detection method, apparatus, device, and medium
CN110675228A (en) * 2019-09-27 2020-01-10 支付宝(杭州)信息技术有限公司 User ticket buying behavior detection method and device
CN112583768A (en) * 2019-09-30 2021-03-30 北京国双科技有限公司 User abnormal behavior detection method and device
CN110728583A (en) * 2019-10-11 2020-01-24 支付宝(杭州)信息技术有限公司 Method and system for identifying cheating claim behaviors
CN111031017A (en) * 2019-11-29 2020-04-17 腾讯科技(深圳)有限公司 Abnormal business account identification method, device, server and storage medium
CN111031017B (en) * 2019-11-29 2021-12-14 腾讯科技(深圳)有限公司 Abnormal business account identification method, device, server and storage medium
CN111459797A (en) * 2020-02-27 2020-07-28 上海交通大学 Method, system and medium for detecting abnormity of developer behaviors in open source community
CN111698247A (en) * 2020-06-11 2020-09-22 腾讯科技(深圳)有限公司 Abnormal account detection method, device, equipment and storage medium
CN112667706A (en) * 2020-12-23 2021-04-16 微梦创科网络科技(中国)有限公司 Method and device for identifying stolen account
CN112860741A (en) * 2021-01-18 2021-05-28 平安科技(深圳)有限公司 Data sampling detection method, device, equipment and storage medium
CN113098912B (en) * 2021-06-09 2022-10-14 北京达佳互联信息技术有限公司 User account abnormity identification method and device, electronic equipment and storage medium
CN113098912A (en) * 2021-06-09 2021-07-09 北京达佳互联信息技术有限公司 User account abnormity identification method and device, electronic equipment and storage medium
CN113835919B (en) * 2021-09-26 2023-06-13 中国联合网络通信集团有限公司 Data processing method, server and storage medium
CN113835919A (en) * 2021-09-26 2021-12-24 中国联合网络通信集团有限公司 Data processing method, server and storage medium
CN113868010B (en) * 2021-12-01 2022-02-18 杭银消费金融股份有限公司 Abnormal data processing method and system applied to business system
CN113868010A (en) * 2021-12-01 2021-12-31 杭银消费金融股份有限公司 Abnormal data processing method and system applied to business system
CN114418008A (en) * 2022-01-21 2022-04-29 平安国际智慧城市科技股份有限公司 Medical treatment behavior identification method and device, terminal equipment and storage medium

Also Published As

Publication number Publication date
CN108055281B (en) 2021-05-18

Similar Documents

Publication Publication Date Title
CN108055281A (en) Account method for detecting abnormality, device, server and storage medium
CN108011782B (en) Method and device for pushing alarm information
CN109658539A (en) Method for inspecting, device, server and the computer storage medium of chemical industrial park
CN109492378A (en) A kind of auth method based on EIC equipment identification code, server and medium
CN106407808A (en) Mitigating block chain attack
CN106599716A (en) Message content protection method and device, and mobile terminal
CN106201829A (en) Monitoring Threshold and device, monitoring alarm method, Apparatus and system
US20170134362A1 (en) Detection of anomalous authentication attempts in a client-server architecture
CN109711155A (en) A kind of early warning determines method and apparatus
CN109561085A (en) A kind of auth method based on EIC equipment identification code, server and medium
CN106934274A (en) A kind of weak passwurd detection method, apparatus and system
CN113127305B (en) Abnormality detection method and device
EP3377976A1 (en) Anomaly detection in multiple correlated sensors
CN108872762A (en) Electronic equipment electrical leakage detecting method, device, electronic equipment and storage medium
CN110852374A (en) Data detection method and device, electronic equipment and storage medium
CN105868878B (en) The Risk Identification Method and device of MAC Address
CN108234472A (en) Detection method and device, computer equipment and the readable medium of Challenging black hole attack
CN109120634A (en) A kind of method, apparatus, computer equipment and the storage medium of port scan detection
CN110378695A (en) Bank card payment method, device, equipment and computer storage medium
CN111629010A (en) Malicious user identification method and device
CN111861747A (en) Transaction link exception handling method and device and electronic equipment
CA3236486A1 (en) Systems and methods for improved detection of network attacks
CN115409290A (en) Business data risk model verification method and device, electronic equipment and medium
CN109684863A (en) Data leakage prevention method, device, equipment and storage medium
CN106502887A (en) A kind of stability test method, test controller and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant